CVE-2017-15103
HIGH
Heketi < 5.0.1 - Authenticated Remote Command Execution via API Request
Title source: llm
Description
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
References (3)
Core References
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1510147
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3481
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/cve/CVE-2017-15103
Scores
CVSS v3
8.8
EPSS
0.0549
EPSS Percentile
91.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-78
Status
published
Products (4)
heketi/heketi
0 - 5.0.1 (Go)
Heketi/Heketi
5.0
heketi_project/heketi
5.0
redhat/enterprise_linux
7.0
Published
Dec 18, 2017
Tracked Since
Feb 18, 2026